High Five for Week Ending 14-Nov-2010

Published on November 14, 2010 by in High Five

Weekly High Five lists the most interesting, compelling, and/or useful links of each week.  This week’s theme is “The Changing Face of Facebook,” but I’ve also included a bonus link from Chris Brogan.

#5: Federal Board Says Employees Shouldn’t Get Fired Over Facebook Posts

The National Labor Relations Board has filed suit against a Connecticut company for firing a worker who complained about her supervisor on Facebook. This will be an important case study to watch and will have implications for how wide or narrow employer social media policies can be.

Link: AllFacebook

#4: Livestream For Facebook Lets You DIY Live Stream Video On Fan Pages

More and more small businesses and sole proprietorships are using Facebook fan pages as free surrogates for a website. Depending on the business, they may or may not be able to get away with this. Either way, Facebook is continuing to chip away at the reasons why you can’t do this (see #3 below).

Link: TechCrunch

#3: Microsoft’s Docs Now Supports Facebook Groups

One of my web pet peeves is the lack of decent group collaboration tools available. Google Wave had promise, but was too complex and “weird” to catch on. With Ning euthanizing its free product, there is a rather large opening that Facebook seems to be moving toward. In addition to providing a means for communication and discussion, Facebook groups has now made it easier to share documents. Now all they need to do is add audio and/or video chat and they’ll really have something.

Link: AllFacebook

#2: Facebook’s Gmail Killer, Project Titan, Is Coming On Monday

This entire week has been abuzz with rumors that Facebook will be announcing its Gmail Killer on Monday. There have been lots of clues, leaks, reading between the lines, and it’s obvious some sort of email solution is on its way. But not everybody is on the same page about what they’ll be announcing (see #1 below).

Link: TechCrunch

#1: Why Facebook Probably Isn’t Launching an Email Service

This is a pretty thought-provoking article. It’s predominately a semantics argument about what exactly constitutes an “email” solution. The important aspect of this article is the discussion about the future of electronic communications. Many of us are aware of the fact that only about 11 percent of teenagers use email and many colleges have halted the practice of providing freshmen with “edu” email addresses. From my own anecdotal experience, I’ve watched my two teenage daughters shift much of their communication away from text messaging and toward Facebook instant messaging. My guess is that Facebook is grabbing onto that trend with both hands and rather than trying to kill Gmail, it’s looking to serve the users who aren’t using email at all.

Link: Fast Company

Bonus: Don’t Do This – Speaking

I think most speakers are guilty of this until they learn otherwise. But it’s still far too common, so I’m doing my part to wipe out this scourge by sharing this brilliantly simple doodle from Chris Brogan:

Don't Do This, from ChrisBrogan on Flickr

Link: Chris Brogan

High Five for Week Ending 1-Nov 2009

Published on November 1, 2009 by in High Five

Weekly High Five lists the most interesting, compelling, and/or useful links of each week.

This week’s High Five includes a couple of stories about how technology is affecting governmental organizations.  The last three stories all demonstrate the power and pervasiveness of social media on every aspect of our lives, whether we know it or not, and whether we want to admit it or not.

#5: Los Angeles adopts Google e-mail system for 30,000 city employees

Well, Google has bagged itself an elephant.  In a unanimous vote, the Los Angeles city council became the largest city to move its entire email infrastructure to Gmail.

http://latimesblogs.latimes.com/technology/2009/10/city-council-votes-to-adopt-google-email-system-for-30000-city-employees.html

#4: Lobbyists beware: judge rules metadata is public record

This is an interesting legal development that will make it a little bit harder for politicians, lobbyists, or government officials to pull a fast one over us.  Document metadata includes information such as the author, creation date, etc…  In some cases, this information can be used to reveal details of a document’s true history.

http://arstechnica.com/tech-policy/news/2009/10/lobbyists-beware-arizona-rules-metadata-is-public-record.ars

#3: Mob rule! How Users Took Over Twitter

This is the sort of thing that one could write an entire book about.  On the surface it sounds simple enough; a Web 2.0 technology comes out, users run with it and discover cool applications that the founders hadn’t intended or thought of, then rebel against changes that marginalize those applications. But if you’re listening carefully, there’s a lot there that can apply to institutions, businesses, consultants, etc…

http://www.wired.com/magazine/2009/10/ff_twitter

#2: Google Social Search

This short video describes what I believe will turn out to be an important change in the way we find information. It warrants its own blog article (that will be upcoming), but in the meantime consider the following.  Who do you trust more?  A Microsoft commercial or your nephew-computer-whiz?  A Wall Street Journal reporter or your accountant for the past 20 years?  The point is that we trust the people we know, and social search is a way for Google to leverage your own network to provide “pre-qualified” search results from sources you typically trust more than most.

You can read the entire help article here:

http://www.google.com/support/websearch/bin/answer.py?answer=165228

#1: Clay Shirky: How social media can make history

This video is a TED presentation by Clay Shirky, who is my favorite speaker and author on the subject of social media.  In this presentation, he makes a compelling case about how powerful and pervasive social media is in ways that are far more important than clever marketing techniques.

The other takeaway, for my money, is a lesson in innovation, which often occurs when common, boring technologies are used in unique, exciting ways.

http://www.ted.com/talks/clay_shirky_how_cellphones_twitter_facebook_can_make_history.html

Feel free to provide your thoughts and/or contributions…

How to Spot Phishing

Published on January 4, 2009 by in Best Practices, How To

Phishing is a deceptive tactic used in emails, on bogus web sites, and in other communication media to convince people to click on a link that typically brings the user to an impostor web site. These cyber attacks are generally attempting to accomplish one or both of the following:

  • Surreptitiously obtain personal account information
  • Plant virus and/or worm programs on the machine

Phishing is considered to be a “social engineering” cyber attack because it relies on tricking or deceiving humans into doing something they don’t realize they’re doing (see “The Hacker as a Magician”). This contrasts with exploits, which rely on shortcomings or defects in computer firmware or software to accomplish their nefarious objectives.

There are two common link manipulation tactics used that are easily recognized if you know what to look for…

Tactic #1: WYSINWYG

“WYSIWYG” is an acronym for What You See Is What You Get and is commonly used to describe software programs whose intuitive, graphical user interface gives an accurate visual representation of the final rendering of some sort of content. In this case, I’m coining a new acronym: What You See Is Not What You Get. This is because the first common misdirection tactic used in Phishing is to display a legitimate URL (uniform resource locator) address that, in fact, points to a completely different address.

In order to understand how this works, here is a very quick and dirty introduction to how links are built in HTML. You’ll notice that there are various links scattered throughout this article that are plain English words that can be clicked.  As an example, the code for creating “Click here to visit my blog” looks something like this:

Click <a href="http://domesticatingit.com">here</a> to visit my blog.

When your browser sees this code, it composes a link to the address pointed to in the “href” attribute (in this case, “http://domesticatingit.com”) but only shows you the word “here”. Phishing attacks frequently rely on displaying a link that appears to be a legitimate address but isn’t. Consider the following screen shot:

Example Phishing email

This is an example from Microsoft’s web site of a common technique that Phishing attacks use to obtain online banking credentials. The text displayed in the email (#1) shows the legitimate URL for this fictitious bank’s login page. However, hovering over the link in Microsoft Outlook reveals that the actual address (#2) is completely different. There are three observations to make in this example:

  1. The displayed address and the actual address are different. This is a huge red flag and should make you extremely suspicious.
  2. The displayed address is a secure (i.e. “https”) URL, and the actual address is not. Again, this is a red flag.
  3. The actual address is an IP address instead of a domain name. While there are occasionally legitimate reasons for doing this, it is another red flag that makes the link questionable.

In most software programs, hovering over a link will display the actual address either in a status bar or as balloon text below the link. Here’s an example from my Gmail account (using Firefox 3) that illustrates how to see where the link in an email is going to take you. The cursor is hovering over the “Review Legal Agreements” text and the status bar in the lower left hand corner displays the “href” attribute of the link.

Example of email link previewing

If for some reason hovering over the link does not reveal the destination address, you can usually right-click on the link and select “Copy Link Address” and then paste into Notepad in order to check it.

Bottom Line: Look before you leap.

Tactic #2: Sneaky URLs

Another tactic employed in Phishing attacks is to use URLs that, at first glance, appear to be legitimate because they include the real web site’s name somewhere in the URL. A recent Phishing exploit pointed toward Twitter users employed this approach to steal logins by using “twitter.access-logins.com” for the domain. Many people are fooled into believing this is legitimate simply because the word “twitter” appears in the address. It is further legitimized by rendering a near-perfect forgery of the real web site:

Twitter Phishing forgery

The reality, however, is that entering your login credentials on this site causes them to be logged to a hacker’s database; the compromised accounts are then used to send direct messages to other Twitter users.

This deception works because the address used directs a browser to the “twitter” subdomain of the “access-logins” web site. Without diving into a full-blown tutorial on how host names are constructed, suffice it to say that you need to read host addresses from right to left in order to understand how they are qualified. The right-most portion of the address is “com”. The next portion of the address, “access-logins”, is the actual domain name. The WHOIS registrant for this domain turns out to be:

Registrant:
  Organization   : zhang xiaohu
  Name           : zhang xiaohu
  Address        : changningzhonghuainanlu192hao
  City           : changning
  Province/State : Hunan
  Country        : CN
  Postal Code    : 421500

Bottom Line: Parse that address – make sure the two right-most components are correct (e.g. “twitter.com”).
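
The right-to-left reading described above, as an added example (not part of the original article). It applies the article’s two-right-most-components rule, which fits suffixes such as “.com”; multi-part suffixes such as “co.uk” need the Public Suffix List instead. Apart from the “twitter.access-logins.com” host quoted above, the URLs in the comments are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

def _host(url):
    """Extract the lower-cased host, tolerating a missing scheme, a port and a trailing dot."""
    if "://" not in url:
        url = "//" + url                  # let urlsplit treat the start as the host
    return (urlsplit(url).hostname or "").rstrip(".")

def host_labels(url):
    """Labels in reading order, right to left: ['com', 'access-logins', 'twitter']."""
    host = _host(url)
    return host.split(".")[::-1] if host else []

def last_two(url):
    """Two right-most labels joined with a dot, or None when there is no domain name."""
    host = _host(url)
    try:
        ipaddress.ip_address(host)
        return None                       # an IP address has no domain to read
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2 or "" in labels:
        return None                       # single label or malformed host
    return ".".join(labels[-2:])

def belongs_to(url, expected):
    """True only when the link's two right-most labels equal the expected domain."""
    return last_two(url) == expected.lower()

def classify(urls, expected):
    """Map each URL to (domain actually visited, whether it is the expected one)."""
    return {u: (last_two(u), belongs_to(u, expected)) for u in urls}

# belongs_to("http://twitter.access-logins.com/login", "twitter.com") is False:
# the domain actually visited is access-logins.com.
# belongs_to("https://mobile.twitter.com/", "twitter.com") is True.
# last_two("http://192.0.2.10/twitter.com") is None: the name only appears in the path.
```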

Feel free to add your hints and suggestions in the comments below.  Also, forward this article to anyone you know who might be vulnerable to these tactics.  You can find more advice on avoiding Phishing scams on Fraud.org.

The 21st Century Land Grab

Oklahoma Bricktown Land Run

By now, many people are familiar with Cybersquatting – a process whereby a person registers a domain name in bad faith with the intent of reselling it later for a profit. Recent legislation has made it easier for trademark holders and famous persons to obtain their domains from squatters, but the process is by no means foolproof (just ask Kevin Spacey and Bruce Springsteen).

However, this is just one layer of an increasingly complex wired world…

I Registered, Therefore I Am

All large and most small/medium/micro businesses (though still not enough) are finally coming to the realization that online invisibility is a tremendous liability. But what about your personal online visibility? Many people have registered their personal names as domain names. Indeed, most domain registrars beat you over the head with requests to do so. But this article is about far more than domain names – that ship pretty much sailed years ago along with Gmail and Hotmail addresses. This is about establishing your online homesteads to be prepared for the current and future waves of social networking.

“Do you have a flag?”

This is a brilliant and hilarious skit by comedian Eddie Izzard. He satirizes imperialistic England, who claimed ownership over indigenous civilizations “through the cunning use of flags.” And so it goes with the new wired world – possession, as they say, is nine tenths of the law. You need to claim as much territory as possible as soon as possible and all you need is a flag: your name.

More and more every day, web sites are becoming tools for learning more about individuals. Sites like LinkedIn and VisualCV are becoming de facto online résumés. Blogger and WordPress are windows into peoples’ expertise and opinions. Flickr, Delicious, and Netflix allow people to share their interests and experiences. Of course, there are the mothers of all personal identity sites; Facebook and MySpace. Finally, there are aggregators like FriendFeed and Plaxo that attempt to tie them all together. You may utilize few if any of these sites right now, but do you want to bet your online future on the fact that you never will?

He Who Hesitates Is Lost

I’m fortunate in the sense that my name is not all that common. My identity is pretty readily available on most platforms. However, I’m not leaving it to chance. I registered my domain name years ago and have been on a land-grabbing tear recently, snatching up my identity on any site with which I come into contact regardless of whether or not I think I will use it. It’s the sports equivalent of “the best offense is a good defense.” I firmly believe that more and more prospective employers and customers will be using online searches for individuals sooner rather than later. If nothing else, don’t let them find the other “Jane Smith” before you.

On Your Mark, Get Set, Register

If you’re new to social networking and/or personal branding you may have no idea where to begin and that’s understandable. In my opinion, these are the top priorities:

  • General
    • Domain name (e.g. www.janesmith.com)
    • Email (e.g. [email protected], [email protected])
    • Twitter (e.g. twitter.com/janesmith)
  • Professional
    • LinkedIn (e.g. www.linkedin.com/in/janesmith)
    • Blogger (e.g. janesmith.blogger.com)
    • WordPress (e.g. janesmith.wordpress.com)
    • Technorati (e.g. www.technorati.com/people/tecnorati/janesmith)
  • Personal
    • Facebook (e.g. www.facebook.com/people/JaneSmith)
    • YouTube (e.g. www.youtube.com/user/janesmith)
  • Sharing and Aggregating
    • FriendFeed (e.g. friendfeed.com/JaneSmith)
    • Delicious (e.g. delicious.com/JaneSmith)
    • Digg (e.g. dig.com/users/JaneSmith)
    • Flickr (e.g. www.flickr.com/photos/janesmith)

Have I left anything out?

Photo credits:
‘Oklahoma Bricktown Land Run’ courtesy of
Serge Melki from Flickr (creative commons)
